The 'elem' is allocated memory in vu_queue_pop(), and it's memory should be
freed in all error branchs after vu_queue_pop().
In addition, in order to free 'elem' memory outside of while(1) loop, move the
definition of 'elem' to the begin of vus_proc_req().
Reported-by: Euler Robot <euler.ro...@huawei.com>
Signed-off-by: Alex Chen <alex.c...@huawei.com>
---
contrib/vhost-user-scsi/vhost-user-scsi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/contrib/vhost-user-scsi/vhost-user-scsi.c
b/contrib/vhost-user-scsi/vhost-user-scsi.c
index 0f9ba4b2a2..4639440a70 100644
--- a/contrib/vhost-user-scsi/vhost-user-scsi.c
+++ b/contrib/vhost-user-scsi/vhost-user-scsi.c
@@ -232,6 +232,7 @@ static void vus_proc_req(VuDev *vu_dev, int idx)
VugDev *gdev;
VusDev *vdev_scsi;
VuVirtq *vq;
+ VuVirtqElement *elem = NULL;
assert(vu_dev);
@@ -248,7 +249,6 @@ static void vus_proc_req(VuDev *vu_dev, int idx)
g_debug("Got kicked on vq[%d]@%p", idx, vq);
while (1) {
- VuVirtqElement *elem;
VirtIOSCSICmdReq *req;
VirtIOSCSICmdResp *rsp;
@@ -288,6 +288,7 @@ static void vus_proc_req(VuDev *vu_dev, int idx)
free(elem);
}
+ free(elem);
}
static void vus_queue_set_started(VuDev *vu_dev, int idx, bool started)
--
2.19.1
